Syslog – Use it!!

Syslog has been lumped in with SNMP as an ineffective, insecure way to monitor equipment, and I thought it was time I threw my 2 bits in.

I like to use syslog for the following reasons:

- Centralized location for many devices

- Standard interface across different vendor makes and models

- Easy to define similar alerts across multiple devices

- Alerts are sent, or ‘pushed’, as they happen

- I don’t need any device passwords to check device logs or events

A quick Google search will reveal a ton of syslog applications. Be prepared to spend some time learning the differences between products, but here’s what I look for:

- Support for a large number of vendors and devices

- The ability to add or customize alerts

- Easy filtering engine or interface

- Bonus: ability to set email alerts

The only advice I can give when learning how to use syslog is to determine ahead of time what kind of devices you want to monitor and ensure the application you pick fits that need. For example, in most cases you will use it with network equipment, but in some specific circumstances I’ve used it with printers when they are in a public area.

The other point worth noting is to test your syslog server in various scenarios, such as device boot-up, interface flapping and anything else you normally have to troubleshoot manually.
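To make the "customize alerts" and "interface flapping" points concrete, here is an added example (not taken from any particular syslog product) of the kind of rule you would test: it decodes the priority field of each message and flags an interface that changes state several times inside a short window. The sample messages are constructed, and the Cisco-style message text, the assumed year, the threshold of 4 changes and the 60-second window are all assumptions to adjust for your own devices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample messages (RFC 3164 layout, Cisco-style text), not real captures.
SAMPLE = [
    "<187>Mar  3 10:00:01 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<187>Mar  3 10:00:09 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "<187>Mar  3 10:00:20 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<187>Mar  3 10:00:31 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "<187>Mar  3 10:02:00 sw2 %LINK-3-UPDOWN: Interface Gi0/2, changed state to down",
    "<187>Mar  3 10:12:00 sw2 %LINK-3-UPDOWN: Interface Gi0/2, changed state to up",
    "<189>Mar  3 10:15:00 sw3 %SYS-5-RESTART: System restarted",
    "garbage line with no priority field",
]

LINE = re.compile(r"<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)")
STATE = re.compile(r"Interface (\S+), changed state to (up|down)")

def parse(line, year=2024):
    """Split one message into fields; RFC 3164 has no year, so one is assumed."""
    m = LINE.match(line)
    if not m:
        return None  # malformed input is skipped, never trusted
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m.group(2)}", "%Y %b %d %H:%M:%S")
    return {"facility": pri >> 3, "severity": pri & 7,
            "time": ts, "host": m.group(3), "msg": m.group(4)}

def find_flaps(lines, threshold=4, window=timedelta(seconds=60)):
    """Return (host, interface) pairs with >= threshold state changes inside window."""
    recent, alerts = defaultdict(deque), []
    for line in lines:
        ev = parse(line)
        m = STATE.search(ev["msg"]) if ev else None
        if not m:
            continue
        key = (ev["host"], m.group(1))
        q = recent[key]
        q.append(ev["time"])
        while ev["time"] - q[0] > window:  # drop changes older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts.append(key)  # alert once per interface
    return alerts

if __name__ == "__main__":
    for host, iface in find_flaps(SAMPLE):
        print(f"ALERT: {iface} on {host} is flapping")
```

With the sample data only Gi0/1 on sw1 is reported: the two changes on sw2 are ten minutes apart, and the restart message and the malformed line are ignored by this rule.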



